﻿namespace GameStoreMinimalApi.WebApi.Authorization;

public static class AuthorizationExtensions
{
    public static IServiceCollection AddGameStoreAuthorization(this IServiceCollection services)
    {
        services.AddAuthorizationBuilder()
            .AddPolicy(Policies.ReadAccess, builder => builder.RequireClaim("scope", "games:read"))
            .AddPolicy(Policies.WriteAccess, builder => builder.RequireClaim("scope", "games:write ")
                                                               .RequireRole("Admin"));

        return services;
    }
}
